CVE-2015-0064

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."

Published: Feb 11, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-0064
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / web_applications	2010-sp2	2010-sp2.x
microsoft / office_compatibility_pack	-	-
microsoft / word	2010-sp2	2010-sp2.x
microsoft / word_viewer	-	-
microsoft / word	2007-sp3	2007-sp3.x
microsoft / office	2010-sp2	2010-sp2.x
microsoft / sharepoint_server	2010	2010.x

http://secunia.com/advisories/62808
http://www.securityfocus.com/bid/72463
http://www.securitytracker.com/id/1031720
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012
https://www.exploit-db.com/exploits/37967/

Vulnerability Database

289,599

CVE-2015-0064